Router NME IPS - use promiscuous and inline mode simultaneously

Hi all,
we are using the IPS module NME-IPS-K9 on a Cisco 2951 router. We would like to use the IPS in promiscuous and inline mode simultaneously. For example, traffic from a client to a server should pass through the IPS. But the IPS should only receive a copy of the VoIP traffic.
In the interface configuration mode the following command is set.
     ids-service-module monitoring promiscuous access-list 101
If I try to set an interface to inline mode I get the following message:
     "Only either Inline or Promiscuous
     monitoring is supported on the router at one time.
     Please remove Promiscuous monitoring on all interfaces
     before configuring Inline monitoring. Only either Inline or Promiscuous
     monitoring is supported on the router at one time.
     Please remove Promiscuous monitoring on all interfaces
     before configuring Inline monitoring."
Is there any way to use promiscuous and inline monitoring at the same time? Is there a firmware update available which includes this feature? Any other ideas?
IOS version of the router: 15.0(1)M4
IPS version:  7.0(2)E4
Kind Regards

In promiscuous mode your sensor doesn't affect the traffic; it only listens to and analyzes it.
In inline mode you direct all the traffic on the network segment you want to protect to the IPS, and it analyzes it and blocks some actions according to your settings.
That is the main difference. Which mode to prefer must be your decision.

Similar Messages

  • IDSM-2 and inline mode

    Hello
    I have a question about IDSM-2 (in Catalyst 6500), IPS 6.0.3 and inline mode. I wanted to create VLAN groups, so I could have inline IPS with many virtual sensors for subinterfaces (a range of VLANs).
    I tried to:
    set trunk 5/7 1-4095 (on switch)
    set trunk 5/8 1-4095 (on switch)
    and in IDSM-2 in CLI:
    I created an inline interface (using the 5/7 and 5/8 ports), but after that I could not create VLAN groups on the physical interface. Why?
    How can I make my IDSM-2 card work inline with many virtual sensors (policies) for different VLANs?

    I found my answer in the IDSM-2 document: "You can mix sensing modes on IDSM-2. For example, you can configure one data port for promiscuous mode and the other data port for inline VLAN pair mode. But because IDSM-2 only has two data ports and inline mode requires the use of both data ports as a pair, you cannot mix inline mode with either of the other two modes." But something else: to do such a thing, suppose that I have sig 2004 configured for inline traffic to deny attacker inline; then this action doesn't make any sense for data in passive mode. And suppose that for the kind of traffic for which the IDSM-2 is operating in passive mode I just want to send an alert. So can I use a different VS for doing this? Thanks.

  • Get GPS info using Autonomous and CellSite Mode parallelly using MultiThreading

    I tried to get the GPS latitude and longitude values using Autonomous and CellSite Mode in parallel using two threads, but during execution only one thread is active and I get values from only that one; the other thread doesn't return any values at all.
    Is it possible to retrieve the GPS information using multiple threads running in parallel, and can I also display the latitude and longitude values from the threads on the screen with less accuracy rate among the values?
    Thanks in advance...

    Your thread may not get noticed as it is in General Support threads. You may post your thread in Java Development to get faster response.
    Ron

  • Using DVI and VGA monitor simultaneously on MacPro

    using DVI and VGA monitor simultaneously on MacPro!
    2008 MacPro - running the latest Yosemite
    for the last few years, I've had two monitors attached - both DVI monitors in the DVI port.
    today, one of the two monitors died on me!  Just wouldn't turn on.
    As it happens, I also have an older VGA monitor.  So, this evening I bought a VGA-to-DVI adaptor. 
    when I plugged it in, something buggy happened ... the image was fine at the first, but then for a while, the active application started flashing off & on, it flashed between the image of the APP and a white panel... just the active APP.  the background apps looked fine.
    now it seems to have stopped ... but I fear it may come back?
    no idea what may be causing it!  is it NOT a good idea to use DVI and VGA monitors simultaneously on a 2008 MacPro?
    Hope it doesn't come back.  right now I'm in safe start-up mode, I'll see what happens when I run normal start-up mode tom'w morning.
    thanks for any feedback / insight!
    will

    this is all the info from ABOUT THIS MAC
    I believe the video card is the original from 2008 - I don't think I've changed that since the machine was new :
    ATI Radeon HD 2600 XT:
      Chipset Model: ATI Radeon HD 2600
      Type: GPU
      Bus: PCIe
      Slot: Slot-1
      PCIe Lane Width: x16
      VRAM (Total): 256 MB
      Vendor: ATI (0x1002)
      Device ID: 0x9588
      Revision ID: 0x0000
      ROM Revision: 113-B1480A-252
      EFI Driver Version: 01.00.252
      Displays:
    SyncMaster:
      Resolution: 1280 x 1024 @ 60 Hz
      Pixel Depth: 32-Bit Color (ARGB8888)
      Display Serial Number: HCJX844788 
      Main Display: Yes
      Mirror: Off
      Online: Yes
      Rotation: Supported
    LCD19D(TMDS):
      Resolution: 1280 x 1024
      Pixel Depth: 32-Bit Color (ARGB8888)
      Display Serial Number: WCCE5100535
      Mirror: Off
      Online: Yes
      Rotation: Supported
    thanks again!
    minor update: I went back to the DVI monitor, using another 12V AC cable, and it seemed to work, but then that one just started flickering (after being on for an hour or so...) the flickering stopped after a few minutes, but something tells me that I'm not out of the woods yet...
    w

  • Jdeveloper 10.1.3 open a page in design and source mode simultaneously

    I want to open a page editor in design and source mode simultaneously on the same file.
    Kind of stupid question, but I could not find the answer in the help..

    OK ignore this message.
    For those who want to know - it is simple - right click on the tab with a page name and select "Split Document" - I knew it was easy :)

  • Switching IPS4240 from PROMISCUOUS to INLINE MODE

    Hi, what's the best way to cut over from PROMI to INLINE MODE? Right now we have our IPS 4240 connected to a hub sitting between our firewall and our Catalyst switch and running in PROMISCUOUS MODE. Our INLINE pair is set up. How can I set the IPS for INLINE MODE? Should I just connect 1 interface into the hub, and the other interface into our Catalyst 4507? Please see attached diagram.
    Thanks in advance!

  • Using Choose and @inlines commands together

    I am looking for help on how to structure Choose using @inlines. I can get @inlines to work with IF statements and I can get CHOOSE / WHEN to work on it own, but I have a couple of places where I need to use the combination of CHOOSE and INLINES together. I have tried several different options but can't seem to find the magic combination.
    Thanks for any help
    Mattern

    Would this example help?
    <?choose@inlines:?>
    <?when@inlines:EMPLOYEE_NUMBER=''?>No Number<?end when?>
    <?otherwise@inlines:?><?EMPLOYEE_NUMBER?><?end otherwise?>
    <?end choose?>
    Thanks!

  • Filter Traffic using IDSM-2 Inline Mode and Inline VLAN Pairs

    Hi Everyone,
    I have a new IDSM-2 Module (Version 6.0(1)E1) and I'm thinking of using Inline VLAN Pairs to bridge two VLANs, in my case vlan 100 and vlan 101. Vlan 100 is the VLAN used by the MSFC and Vlan 101 is the VLAN used by the outside of my FWSM. In this way, I think I can monitor all the traffic to and from the Internet. My question is: can I choose what traffic I will analyze using this configuration? Maybe with a VACL or another way.
    Thanks in advance
    Andre Lomonaco

    If I understand your question correctly, I do not think you have the ability to selectively inspect the traffic with only a single pair of vlans. The IPS module is going to bridge your vlans together and you would want all traffic to go through that bridge...I don't know what mechanism you'd use to selectively direct traffic through some other bridge/route function.
    Within the IPS software you can turn off (disable AND retire) signatures that inspect traffic that you wish to ignore, the IPS will just forward the traffic through, but you don't have a fine level of granularity there.
    Scott

  • Can I use parallel and multiplexed mode?

    Hi,
    I have
    a NI USB-6259 DAQ Module (two connectors with two cables to two SCXI-1349, which connect the DAQ to the chassis)
    a SCXI-1001 Chassis
    3 SCXI-1143 8 Channel Low Pass Filter Modules
    and
    a SCXI-1180 Front End Plate
    As the DAQ has 16 diff. AI Channels, I would like to drive two SCXI 1143 in multiplexed mode(connected to Connector 0 at USB-DAQ via SCXI 1349) and one in parallel mode assigned to AI 8-15 (Connected to Connector 1 at USB-DAQ via SCXI 1349) .
    The configuration is approved by MAX
    But when I run it with the software I get an error saying that a simultaneous scan is possible Error -223835. And that the selected channel is not in the task Error: -200486.
    Can one DAQ device (like the NI USB-6259) be assigned channels 0-7 in multiplexed mode (multiplexing two SCXI 1143 8 Channel) and the rest of the channels in parallel mode for one SCXI card? The NI USB-6259 has two separate connectors, but is it still seen as one DAQ card?
    What does the error say? I thought I configured for a simultaneous scan.
    Attached to this post is a picture:
    Top Left: Back view of my NI USB-6259
    Top Right: Front view of my chassis with three SCXI 1143
    Bottom: Back view of my chassis. Two SCXI 1249 are connected to two Cards. One card should be run in parallel mode, two in multiplexed mode.
    Cheers,
    Alex

    @ Lorenz-Mie
    you are right that I need a new DAQ device, but as stated in the M-Series manual on page A-108:
    "Use Connector 0 of  your M Series device to control SCXI. NI-DAQ 7.4
    and later supports SCXI in parallel mode on Connector 1."
    That's what I've done. I'll keep on trying.
    Alex

  • Is it possible to use fullscreen and exclusive mode with a jfilechooser?

    is there a way to use them together? while in fullscreen exclusive mode the jfilechooser doesn't attach to fullscreen window and it halts the program.. I've tried setting the parent frame as the fullscreen frame but it's all glitched.. am I missing something?
    thank you,
    best regards,
    Jacopo

    For reference, the cross-post can be found here:
    Is it possible to use network devices (cDAQ-9188) with a PXI Real Time system?
    Jayme W.
    Applications Engineer
    National Instruments

  • Scratching noise while using usb and internal sound simultaneous

    Hey,
    I am using a new USB soundcard and my internal sound, to
    work with virtual dj. I played one song on the card and wanted
    to listen to the other using my headphones. Everytime I use both
    at the same time, I have a really loud scratching noise.
    Also if I am not using the external soundcard.
    It's working on my friend's Mac.
    please help :/
    kind regards
    Phillipe

    The problem is the same with AC adapter plugged in or without it.
    It's quite complicated to check the screws now - they are sealed with the special stickers of the service center; if I remove those stickers I think the warranty terms will be violated and the warranty will disappear.
    If there were some way to check the serial number of the motherboard that was installed first, I could come to those guys with this information and ask them to open the cover together with me and check whether the numbers are the same.
    I agree, maybe I should give it to another service; there are 2 different official services in my city. I just think it is a bit wrong to simply let go of the 1.5 months during which I could not use the item I paid about 1000 USD for and nothing was done at all.

  • Using FW400 and FW800 devices simultaneously

    I noticed that as I am using my external FW400 iSight camera that Time Machine suspends backups on my FW800 G-Drive. Is the FW800 logic sharing logic resources with FW400?

    There's only a single Firewire Bus ... when connecting two devices of different speeds always connect the fastest to the MBP first then the slower one into that i.e. put the fastest link in the chain first or all devices will operate at the slower speed.

  • IDSM2 on 6500-IOS inline mode support?

    Hi,
    I have an IDSM-2 running IPS5.1(1d) software (recently upgraded from 4.x) that is sitting on a 6500 IOS.
    The IPS device manager shows gi0/7 and gi0/8 as both in Promiscuous mode. There is no option to change the mode to inline and pair them.
    Is it so that IDSM-2 currently supports only Promiscuous mode?
    If so, then this module is still acting as an IDS despite running IPS5.1. Isn't it? What is the advantage that I get after upgrading it from 4.x to 5.1?
    -- Vasanth

    There are 2 pieces to the puzzle.
    There is the IDSM-2 version and what it supports, but also the Cat 6K Native IOS version and what it supports.
    IDSM-2 v5.1(1d) supports
    a) Promiscuous mode,
    b) InLine Interface Pair mode (2 interfaces are paired for inline monitoring), and also
    c) InLine Vlan Pair mode (2 vlans on a single interface are paired for inline monitoring, you will also see it called inline-on-a-stick)
    But for these features to be used, the switch code must also support configuring the switch side of the IDSM-2 for each of these 3 features.
    Native IOS Versions prior to 12.2(18)SXE will support only Promiscuous mode on the IDSM-2.
    12.2(18)SXE and later versions will support InLine Interface Pair mode on the IDSM-2.
    No Native IOS versions currently support InLine Vlan Pair mode on the IDSM-2 (a new Native IOS version with this support is currently in development).
    So to get Inline (IPS) functionality you need to be running a Native IOS version 12.2(18)SXE or later, and on the IDSM-2 run IPS versions 5.1 (or even the older 5.0).
    (NOTE: Cat OS 8.5(1) does support all 3 modes of the IDSM-2. So if you are using Cat OS instead of Native IOS, then run version 8.5(1) to have access to all of the features of IPS 5.1(1) on the IDSM-2)
    If you are running a Native IOS version prior to 12.2(18)SXE then the IDSM-2 can only be operated in Promiscuous mode even if 5.1(1) is loaded on the IDSM-2.
    However, even in promiscuous mode the IPS 5.1(1) software does have a few advantages.
    There are several engines, and engine parameters that are only supported in the 5.1 version and not the 4.0 version. So there are several signatures that are either a) not even created for 4.x sensors, or b) the 4.x signature is not as precise as the 5.x signature in the new engines.
    (These new engines have proved invaluable in writing signatures to detect some of the new attacks that have come out over the past year.)
    There are of course other advantages as well:
    For example:
    1) Risk Rating to better aid in prioritization of alerts.
    2) More flexible filtering mechanism for alerts that allows for filtering individual actions
    The 2 features above are just 2 of the new features that have been added in 5.0 and 5.1 that apply to both promiscuous and inline modes.

  • IDSM-2, inline and Passive mode in same Module?

    Hi, I have a question that may seem strange. In our network we have implemented an IDSM-2 module in our 6513 switch in inline mode. Without any discussion about network design, suppose that our network is going beyond the IDSM-2 throughput and we then want to use the IDSM-2 for some traffic in passive mode instead of inline, to reduce the drop probability in inline mode. I mean, before this state we were using IDSM-2 data port 1 (in VLAN pair mode); now can we use data port 2 for this purpose (capturing some traffic on data port 2 for passive operation)? In other words, can the IDSM-2 operate in this way?

    I found my answer in the IDSM-2 document: "You can mix sensing modes on IDSM-2. For example, you can configure one data port for promiscuous mode and the other data port for inline VLAN pair mode. But because IDSM-2 only has two data ports and inline mode requires the use of both data ports as a pair, you cannot mix inline mode with either of the other two modes." But something else: to do such a thing, suppose that I have sig 2004 configured for inline traffic to deny attacker inline; then this action doesn't make any sense for data in passive mode. And suppose that for the kind of traffic for which the IDSM-2 is operating in passive mode I just want to send an alert. So can I use a different VS for doing this? Thanks.

  • Synchronous and asynchronous mode

    Hi all,
          when to use synchronous and asynchronous mode in BDC
    cheers

    Hi Kumar,
    Synchronous data processing is that in which the program calling the update task waits for the update work process to finish the update before it continues processing.
    In asynchronous update the calling program does not wait for the update work process to finish the update and continues as normal.
    A BDC done with sessions is always synchronous.
    A BDC with call transaction is by default asynchronous
    unless you define it explicitly as
    call transaction 'XXXX' ...... update 'S'.
    (If you do not define the update option it defaults to "A".)
    The update method is of importance when one transaction locks data which may be required by a subsequent transaction. The subsequent transaction will fail if data is locked by the previous one. An example would be creating sales orders for the same material in succession (with asynchronous update). It is quite likely that some of the transactions would fail due to the material being locked.
    For a large volume of data Call Transaction will be faster, but you have no restart capability here. Suppose from 1000 transactions 100 fail. You will have to run the BDC program again, excluding the ones which were successful. However, with the session method you have the option to process the error transactions again in SM35. So if you are sure that errors will not occur, use call transaction; otherwise use the session method.
    Please also check this link for differences between call transaction and batch input method
    http://help.sap.com/saphelp_47x200/helpdata/en/fa/097015543b11d1898e0000e8322d00/frameset.htm
    Hope this will help.
    Regards,
    Ferry Lianto
    Please reward points if helpful.
